4

I would like to use the Azure DevOps API to create a PAT for my user. But I'm unable to authenticate yet. In this document from Microsoft, they state that authentication is possible with a PAT, but it is not true. I'm getting a HTTP 203 with a Sign In page in response.

PS: I'm using Postman to test the API requests.

Improve this question

7 Answers 7

Reset to default
8

This worked for me when sending a request with headers like so

'Authentication': 'Basic <Base-64 encoded PAT>'

You have to include ':' at the beginning of your PAT before you encode it (use Base-64 with padding). Use a colon even if you do not include username.

P.S I think in Postman you don't need to encode your PAT.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Confirmed, you don't need to encode the PAT. Postman does it for you.
6

Yes it does work, you're just not setting it up right.

Look at the Basic Authentication of this document. You need to base 64 encode the username password like this: username:PAT. Spearate the two with the colon.

Improve this answer

4 Comments

This worked! I used by email address for the username part
Thanks! I used the requests library in Python and I think I didn't need my username, just by PAT: requests.get(diff_url, auth=('', personal_access_token))
Does this work with the system access token in a pipeline?
I don't see why running it in a pipeline versus say Postman would make any difference.
3

I think the security section of this REST API is misleading.

In fact, this REST API cannot be authenticated with PAT, as mentioned in another document:

To use the API, you must authenticate with an Azure AD token.

Unlike other Azure DevOps Services APIs, users must provide an Azure AD access token to use this API instead of a PAT token. Azure AD tokens are a safer authentication mechanism than using PATs. Given this API’s ability to create and revoke PATs, we want to ensure that such powerful functionality is given to allowed users only.

This document also explains how to use this REST API in detail, which you can refer to.

Improve this answer

8 Comments

I got a bearer token through an App Registration and calling "login.microsoftonline.com/<tenantID>/oauth2/v2.0/token. But this bearer token also does not work...
@plsfix I still have the same issue, I got the bearer token from login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token and that token is not working in PAT API endpoint.
@plsfix However what I did for now is, I used the python flask application provided by microsoft here github.com/microsoft/azure-devops-auth-samples/tree/master/… and I retrieved the bearer token from the API logs and it worked fine for me. But I am still trying to figure out the way for getting the Azure AD Access token thing.
@Saad the library for flask seems to be the easiest solution. We ditched our project and decided to grab a PAT manually via the GUI.
@Rakim original poster's question is about Pats - List API. REST APIs about tokens are special and only can use Azure AD token (now Microsoft Entra token) for authentification. Other REST APIs, like listing work items, can use PAT definitely.
|
3

I wanted to share how I successfully connected to the Azure DevOps API using a Personal Access Token (PAT) from a PowerShell script. While this might be a bit late, I hope it helps others who come across this.

First, you'll need to have a PAT created in your Azure DevOps account

Now, here's the PowerShell script :

# Define your Personal Access Token (PAT)
$pat = "YOUR_PERSONAL_ACCESS_TOKEN"
    
# Define the DevOps API URL
$jsonUrl = "YOUR_JSON_URL_HERE"
    
# Create headers with the PAT for authentication
$headers = @{
        Authorization = "Basic " + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$($pat)"))
    }
    
# Make the request with authentication headers
$jsonContent = Invoke-RestMethod -Uri $jsonUrl -Headers $headers
Improve this answer

Comments

1

I'm late in the game but I'll add my answer if someone stumble upon this just like I did.
So I have tested with a token obtained with this Azure CLI command:

az account get-access-token --resource 499b84ac-1321-427f-aa17-267ca6975798 --query accessToken -o tsv

And it works using the rest-client VS Code extension like this:

@jwt=<PASTE JWT HERE>
@org=<YOUR ORG HERE>
###
GET https://vssps.dev.azure.com/{{org}}/_apis/tokens/pats?api-version=7.1-preview.1
Authorization: Bearer {{jwt}}

I hope this helps !

Improve this answer

Comments

1

Also ran into this problem. For me this worked - Putting the email in base 64 in the username and the PAT in the password in Basic Auth.

Improve this answer

1 Comment

Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center.
-3

This is what I do, no need to base64 encode anything:

enter image description here

Improve this answer

4 Comments

This is because Postman UI does base64 for you.
yeah, exactly. no need to do anything extra. Obviously the people downvoting this haven't actually tried it, it works 100%
this is the answer for Postman or Bruno, not sure why people are downvoting
@Klors they are downvoting it because we live in a world where people are apart from the truth. This works 100%, as you have pointed out and I use this method frequently. These are the same people that think you can build a business or become the best version of yourself in a 7 second TikTok video.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.